Fwd: [Openswan Users] IPsec SA established but no l2tp

Rui Sampaio rui.csas at gmail.com
Fri Jan 7 00:15:00 CET 2005


> I had to enable IPSEC passthrough and add "nat_traversal=yes" to make
> the ipsec connection

These are mutually exclusive. I never tested IPsec passthrough with
L2TP/IPsec. I suggest you disable IPsec passthrough on your router,
if it is possible.

I've disabled IPsec passthrough.

>         left=192.168.1.10
>         leftsubnet=82.102.47.250/32

Hm, this leftsubnet is because of the server-side NAT, right?

I don't understand myself very well.

192.168.1.10 is the IPsec server's IP
82.102.47.250 is my external IP, assigned to the router

I've put the subnet line because I got this error:

cannot respond to IPsec SA request because no connection is known for
82.102.47.250/32===192.168.1.10:4500:17/1701...(roadwarrior
IP):17/1701


> ip range = 192.168.1.155-192.168.1.170
> local ip = 192.168.1.99

Your external interface 192.168.1.10 cannot be in the
same subnet as 'ip range'. Change either one to something else.

My external interface (router) is not on the same subnet; its IP is 82.102.47.250

After this, if I change the leftsubnet I get the error above. If not,
l2tp still doesn't work.

